Notices by Soatok Dreamseeker (soatok@furry.engineer)

@attie Yeah, it's diving into the history of the Linux kernel and the free software movement in a very hand-wavy way so as to establish the backdrop for which the xz-utils attack was orchestrated.

It's not the obvious way to tell the story, and it assumes both a) the audience's ignorance on open source and b) a metric fuckton of other computer history details, but, eh.

It could be worse.

@moses_izumi I'm too exhausted to write about anything

The full story of sysmon-config, the first (to my awareness) comprehensive open source HIDS monitoring solution configuration, is something I would like to tell sometime.

It was in fact not generated for a security job, strictly. I needed to understand the sensitive modifications being made to our Windows systems as Helpdesk. And I did not want to filter Procmon again.

It turns out the modifications that screw things up... kind of include the malware and spyware ones. Especially back then.

Fun fact I made a typo in sysmon-config many years ago, when I was working in Helpdesk.

I got my shot and was hired to the big firm with the big fancy expensive tools I would've never dreamed of.

Do you know what I find in that tool, auditing it?

My typo. They pasted it in. They just... copied the whole thing.

I sit at my desk. And I realize I was always enough.

@tehfishman I haven't looked. Probably comparable.

@tobiasgies Nope :(

@danlyke Yeah :(

@danlyke This was pedo shit

The most disgusting part of writing cryptography and security blogs is you inevitably get some truly disgusting websites in your referrer logs :\

The most disgusting part of writing cryptography and security blogs is you inevitably get some truly heinous websites in your referrer logs :\

@dangoodin I'm not familiar with Google's internals, but I've known @sophieschmieg for a while and I trust her judgment on this.

@drwho I would crash out over this

@drwho Ugh horrible

The real reason furries cannot be trusted with power is the yearning for a dog-eat-dog world #vore

@yoh I'm enjoying Midnight

Gee thanks, Blizzard.

I start a big work project in the morning, and woke up 2 hours ago with a devastating leg cramp.

Yayyyyy :/

@evacide Yeah, exactly as you say: It could be appropriate for some folks. I'm not one of them. :3

@becomethewaifu See, this is a reasonable threat model: laptops getting lost or stolen is more common than APT ninjutsu

A lot of security rituals you hear about from folks online are like this.

This is the kind of culture that leads to giving blanket paranoid security advice without threat modelling first.